View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001071 | Kali Linux | New Tool Requests | public | 2014-03-01 13:52 | 2020-02-11 11:43 |
| Reporter | levaja | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | have not tried |
| Status | closed | Resolution | won't fix | ||
| OS | Linux, Windows, Mac | ||||
| Summary | 0001071: Enum_Shares - Shared folders enumeration tool | ||||
| Description | Enum_Shares enumerates shared folders across the network and under a custom user account. It can check if the shared folder is writable for the current user. It can save you a lot of time when you need to discover directories allowing "write" to everyone or some specific user. | ||||
| Attached Files | enum_shares.py (5,845 bytes)
#!/usr/bin/env python
__author__ = "Dejan Levaja"
__license__ = "GPL"
__version__ = "0.1"
import os
import sys
import ipcalc
import threading
import time
import Queue
import codecs
import argparse
from smb.SMBConnection import SMBConnection
lock = threading.Lock()
q = Queue.Queue()
me = 'EnumMaster'
class EnumShares():
def __init__(self, user, pwd, output):
self.user = user
self.pwd = pwd
self.output = output
def get_shares(self):
try:
shares = self.conn.listShares(timeout=3)
return shares
except:
pass
def create_folder(self, name):
# *** Try to create a folder ***
if not name in ('IPC$', 'print$'):
try:
self.conn.createDirectory(name, test_folder)
msg = '%s => %s\t\tWRITABLE!' % (self.remote_ip, str(name).rjust(10)) #, writable)
lock.acquire()
print msg
if self.output:
logger.writer(msg)
lock.release()
except:
msg = '%s => %s' % (self.remote_ip, name)
lock.acquire()
print msg
lock.release()
def delete_folder(self, name):
# *** Try to delete the folder ***
if not name in ('IPC$', 'print$'):
try:
self.conn.deleteDirectory(name, test_folder)
except:
msg = '[!] Could not remove %s from "%s\%s" !' % (test_folder, self.remote_ip, name)
lock.acquire()
print msg
if self.output:
logger.writer(msg)
lock.release()
def connect(self, remote_ip):
#print 'ip: ', remote_ip
self.remote_ip = remote_ip
self.conn = SMBConnection(self.user, self.pwd, me, self.remote_ip, domain=dom, use_ntlm_v2 = True, is_direct_tcp=True)
try:
assert self.conn.connect(self.remote_ip, 445, timeout=3)
except Exception, e:
lock.acquire()
if 'Broken pipe' in str(e):
print '[!] Cannot contact %s' % self.remote_ip
else:
print '[!] Acces Denied %s' % self.remote_ip
lock.release()
return
shares = self.get_shares()
if shares:
for share in shares:
if writetest:
self.create_folder(share.name)
self.delete_folder(share.name)
else:
msg = '%s => %s' % (self.remote_ip, str(share.name).rjust(10))
lock.acquire()
print msg
if self.output:
logger.writer(msg)
lock.release()
else:
return
class Logger():
def __init__(self, output):
self.output = output
def writer(self, msg):
with codecs.open(self.output, 'a', encoding = 'utf-8') as f:
f.write(msg+'\n')
def main():
if ips[0].isdigit():
if '/' in ips:
for ip in ipcalc.Network(ips):
q.put(ip)
while 1:
if not q.empty():
tcount = threading.active_count()
if tcount < numthreads:
ip = q.get()
es = EnumShares(user, pwd, output)
p = threading.Thread(target=es.connect, args=(str(ip),) )
p.daemon = False
p.start()
else:
time.sleep(0.5)
else:
break
else:
ip = ips
es.connect(ip)
else:
print '\nNo computer names allowed, only IP adressess.'
sys.exit()
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('-t', '--target', required = True)
parser.add_argument('-u', '--username', required = True)
parser.add_argument('-p', '--password', required = True)
parser.add_argument('-w', '--writable', action = 'store_true')
parser.add_argument('-n', '--numthreads', default = '50')
parser.add_argument('-o', '--outfile', default = None)
args = parser.parse_args()
ips = args.target
usr = args.username
if '\\' in usr:
dom, user = usr.split('\\')
else:
user = usr
dom = ''
test_folder = 'EnumMaster_%s' % user.strip()
pwd = args.password
output = args.outfile
if output and os.path.exists(output):
oww =''
while oww.lower() not in ('a', 'o'):
msg = '\n[!] Output file "%s" already exists. Append or owerwrite [a/o] ? ' % output
oww = raw_input(msg)
if oww.lower() == 'o':
with open(output, 'w') as f: pass
writetest = args.writable
if writetest:
print '\n[!] To test if the share is writable, we need to try to create an empty folder named:"%s" in it.' % test_folder
print ' We will try to remove that folder instantly, but it may fail for various reasons.'
answer = ''
while answer.lower() not in ('yes', 'no'):
answer = raw_input(' Are you sure you want to test write access [yes/no] ? ')
if answer.lower() == 'no':
writetest = False
print '\nSettings:'
print 'domain: ', dom
print 'user: ', user
print 'write test: ', writetest
print 'output:' , output
print '\n'
numthreads = int(args.numthreads)
if output:
logger = Logger(output)
main()
sys.exit()
| ||||
 |
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):
|
|
|
Looks like its python 2 - which is EOL |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-03-01 13:52 | levaja | New Issue | |
| 2014-03-01 13:52 | levaja | File Added: enum_shares.py | |
| 2018-01-26 11:46 | g0tmi1k | Summary | Shared folders enumeration tool => Enum_Shares - Shared folders enumeration tool |
| 2018-01-29 10:51 | g0tmi1k | Note Added: 0007931 | |
| 2019-12-09 13:30 | g0tmi1k | Severity | minor => feature |
| 2020-02-10 18:05 | g0tmi1k | Note Added: 0012184 | |
| 2020-02-11 11:43 | g0tmi1k | Status | new => closed |
| 2020-02-11 11:43 | g0tmi1k | Resolution | open => won't fix |
